Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Differential cryptanalysis of PRESENT-like cipher

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript

Abstract

In 2011, Borghoff et al. introduced a slender-set differential cryptanalysis on PRESENT-like ciphers with key-dependent S-boxes. Borghoff’s differential attack mainly divides into two parts: data collection phase and S-box recovery phase. In this paper, we investigate different attacks on PRESENT-like cipher with secret S-boxes and public S-boxes. For PRESENT-like cipher with secret S-boxes, we introduce two new cryptanalytic techniques, and use them to recover the secret S-boxes more efficiently. Our first new idea is that we present a new method of data collection based on the method of optimal distinguisher for collecting information efficiently. Another new technique is that we propose a method of constructing the entire correct slender-sets instead of checking the correctness of slender-sets in the S-box recovery phase. In particular, we implemented a successful attack on the cipher Maya in practice. In our experiments, the correct S-boxes can be recovered with \(2^{26}\) data complexity and \(2^{22.4}\) time complexity at a success rate of 100 % based on 200 independent trials. Furthermore, we propose a new method of recovering the secret key of PRESENT-like cipher with public S-boxes with lower data and time complexity. To the 12-round PRESENT-80, the experiments show that we can recover the entire 80-bit secret key with \(2^{34.9}\) data and \(2^{38.9}\) time complexity. To the 22-round \(\mathrm{PRINT}_\mathrm{CIPHER}\), experiments show that we can recover the entire 80-bit secret key with \(2^{37.5}\) data complexity and \(2^{41.5}\) time complexity. To the best of our knowledge, our attack is the best known differential attacks on PRESENT and \(\mathrm{PRINT}_\mathrm{CIPHER}\) in practice.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Abdelraheem M., Leander G., Zenner E.: Differential cryptanalysis of round-reduced PRINTcipher: computing roots of permutations. In: Joux A. (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 6733, pp. 1–17. Springer, Berlin (2011).

  2. Baignères T., Junod P., Vaudenay S.: How far can we go beyond linear cryptanalysis? In: Lee P.J. (ed.) Advances in Cryptology—Asiacrypt 2004 (Proceedings). Lecture Notes in Computer Science, vol. 3329, pp. 432–450. Springer, Berlin (2004).

  3. Biryukov A., Shamir A.: Structural cryptanalysis of SASAS. In: Pfitzmann B. (ed.) Advances in Cryptology—Eurocrypt 2001 (Proceedings). Lecture Notes in Computer Science, vol. 2045, pp. 394–405. Springer, Berlin (2001).

  4. Biryukov A., Shamir A.: Structural cryptanalysis of SASAS. J. Cryptol. 23(4), 505–518 (2010). doi:10.1007/s00145-010-9062-1.

    Google Scholar 

  5. Blondeau C., Gérard B.: Multiple differential cryptanalysis: theory and practice. In: Joux A. (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 6733, pp. 35–54. Springer, Berlin (2011).

  6. Blondeau C., Gérard B.: Multiple differential cryptanalysis: theory and practice (corrected). In: Cryptology ePrint Archive. Report 2011/115 (2011).

  7. Blondeau C., Gérard B., Nyberg K.: Multiple differential cryptanalysis using LLR and \(\chi ^2\) statistics. In: Visconti I., De Prisco R. (eds.) SCN 2012. Lecture Notes in Computer Science, vol. 7485, pp. 343–360. Springer, Berlin (2012).

  8. Bogdanov A., Knudsen L.R., Leander G., Paar C., Poschmann A., Robshaw M.J.B., Seurin Y., Vikkelsø C.: Present: an ultra-lightweight block cipher. In: Paillier P., Verbauwhede I. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2007 (Proceedings). Lecture Notes in Computer Science, vol. 4727, pp. 450–466. Springer, Berlin (2007).

  9. Borghoff J., Knudsen L.R., Leander G., Matusiewicz K.: Cryptanalysis of C2. In: Halevi S. (ed.) Advances in Cryptology—Crypto 2009. Lecture Notes in Computer Science, vol. 5677, pp. 250-266. Springer, Berling (2009).

  10. Borghoff J., Knudsen L., Leander G., Thomsen S.: Cryptanalysis of PRESENT-like ciphers with secret S-boxes. In: Joux A. (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 6733, pp. 270–289. Springer, Berlin (2011).

  11. Borghoff, J., Knudsen, L.R., Leander, G., Thomsen, S.S.: Slender-set differential cryptanalysis. J. Cryptol 26(1), 11–38 (2013). doi:10.1007/s00145-011-9111-4

    Article  MathSciNet  MATH  Google Scholar 

  12. Cho J.Y.: Linear cryptanalysis of reduced-round PRESENT. In: Pieprzyk J. (ed.) Topics in Cryptology—Ct-Rsa 2010, (Proceedings). Lecture Notes in Computer Science, vol. 5985, pp. 302–317. Springer, Berlin (2010).

  13. Collard, B., Standaert, F.-X.: A statistical saturation attack against the block cipher PRESENT. In: Fischlin, M. (ed.) CT-RSA 2009. Lecture Notes in Computer Science, vol. 5473, pp. 195–210. Springer, Heidelberg (2009)

    Google Scholar 

  14. Coppersmith D., Halevi S., Jutla C.: Cryptanalysis of stream ciphers with linear masking. In: Yung M. (ed.) Advances in Cryptology—Crypto02. Lecture Notes in Computer Science, vol. 2442, pp. 515–532. Springer, Heidelberg (2002).

  15. Gilbert, H., Chauvaud, P.: A chosen plaintext attack of the 16-round Khufu cryptosystem. In: Desmedt, Y. (ed.) Advances in Cryptology CRYPTO 94. Lecture Notes in Computer Science, vol. 839, pp. 359–368. Springer, Berlin (1994)

    Google Scholar 

  16. Gomathisankaran M., Lee R.B.: Maya: A novel block encryption function. In: Proceedings of the International Workshop on Coding and Cryptography 2009. Accessed http://palms.princeton.edu/system /files/maya (2010/02/14).

  17. Hermelin M., Cho J.Y., Nyberg K.: Multidimensional extension of Matsui’s algorithm 2. In: Dunkelman O. (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 5665, pp. 209–227. (2009).

  18. Junod P.: On the optimality of linear, differential and sequential distinguishers. In: Biham E. (ed.) Advances in Cryptology—Eurocrypt03. Lecture Notes in Computer Science, vol. 2656, pp. 17–32. Springer, Berlin (2003).

  19. Knudsen, L., Leander, G., Poschmann, A., Robshaw, M.B.: PRINTcipher: A Block Cipher for IC-Printing. In: Mangard, S., Standaert, F.-X. (eds.) Cryptographic Hardware and Embedded Systems, CHES 2010. Lecture Notes in Computer Science, vol. 6225, pp. 16–32. Springer, Berlin (2010)

    Chapter  Google Scholar 

  20. Nakahara Jr, J., Sepehrdad, P., Zhang, B., Wang, M.: Linear (Hull) and algebraic cryptanalysis of the block cipher PRESENT. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. Lecture Notes in Computer Science, vol. 5888, pp. 58–75. Springer, Heidelberg (2009)

    Google Scholar 

  21. Neyman P., Pearson E.: On the problem of the most efficient tests of statistical hypotheses. Philos. Trans. R. Soc. Lond. 289–337 (1933).

  22. Ohkuma, K.: Weak keys of reduced-round PRESENT for linear cryptanalysis. In: Jacobson Jr, M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. Lecture Notes in Computer Science, vol. 5867, pp. 249–265. Springer, Heidelberg (2009)

    Google Scholar 

  23. Peng J., Jin S.: Designing key-dependent S-boxes using hyperchaotic chen system. In: Zhong Z. (ed.) Proceedings of the International Conference on Information Engineering and Applications (IEA) 2012. Lecture Notes in Electrical Engineering, vol. 216, pp. 733–740. Springer, London (2013).

  24. Stoianov N.: One approach of using key-dependent S-BOXes in AES. In: Dziech A., Czyzewski A. (eds.) Multimedia Communications, Services, and Security, vol. 149. Communications in Computer and Information Science, pp. 317–323 (2011).

  25. Szaban M., Seredynski F.: Dynamic cellular automata-based S-boxes. In: MorenoDiaz R., Pichler F., QuesadaArencibia A. (eds.) Computer Aided Systems Theory—Eurocast 2011, Pt I. Lecture Notes in Computer Science, vol. 6927, pp. 184–191. Springer, Berlin (2012).

  26. Vaudenay, S.: On the weak keys of blowfish. In: Gollmann, D. (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 1039, pp. 27–32. Springer, Berlin (1996)

    Chapter  Google Scholar 

  27. Wang M.: Differential cryptanalysis of reduced-round PRESENT. In: Vaudenay S. (ed.) Progress in Cryptology—Africacrypt 2008, vol. 5023. Lecture Notes in Computer Science, pp. 40–49 (2008).

  28. Wang, M., Sun, Y., Tischhauser, E., Preneel, B.: A model for structure attacks, with applications to PRESENT and serpent. In: Canteaut, A. (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 7549, pp. 49–68. Springer, Berlin (2012)

    Chapter  Google Scholar 

Download references

Acknowledgments

I wish to thank the anonymous reviewers for very useful comments that help to improve the paper. This work was supported by National Natural Science Foundation of China (Grant No. 61272488).

Author information

Authors and Affiliations

  1. Zhengzhou Information Science and Technology Institute, 450000 , Zhengzhou, China

    Guo-Qiang Liu & Chen-Hui Jin

Authors
  1. Guo-Qiang Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chen-Hui Jin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Guo-Qiang Liu.

Additional information

Communicated by L. R. Knudsen.

Appendices

Appendices

Table 12 The top 32 values of \(LL\tilde{R}_{D_{\{ x,y\} }, D_1}\) in the sorted list in our data collection and in [10, 11]
Full size table
Fig. 1
figure 1

The candidate slender-set of our attack and Borghoff’s attack in data collection with \(2^{33}\) data complexity to 16 round Maya

Full size image
Fig. 2
figure 2

The candidate slender-set of our attack and \(\chi ^2 \) statistic method in data collection with \(2^{33}\) data complexity to 16 round Maya

Full size image
Table 13 The top 32 order of \(e_k\) for each \(0 \le k \le 15\) to PRESENT-80 with round key being \((0111)_2\)
Full size table
Table 14 The order of \(e_k \) for each \(k\) to \(\mathrm{PRINT}_\mathrm{CIPHER}\)-48 with round key being \((011)_2\)
Full size table

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Liu, GQ., Jin, CH. Differential cryptanalysis of PRESENT-like cipher. Des. Codes Cryptogr. 76, 385–408 (2015). https://doi.org/10.1007/s10623-014-9965-1

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10623-014-9965-1

Keywords

Mathematics Subject Classification

Search

Navigation